Automated Google Hacking

Using Google To Your Advantage

Google is one of the biggest companies nowadays. It provides so many services that no one could imagine the internet without it. Google’s search engine is what I am going to focus on in this article, since that is what Google Hacking is about. The term refers to using Google’s search engine in an advanced way to find sensitive information. If you haven’t done any Google Hacking yet, take a look at this hacking article.

Automated Google Hacking

Since Google Hacking can be quite time consuming, people from the Cult of the Dead Cow wrote a program which automates this task. It is a pretty cool tool, but the bad part is that you cannot send queries very often. So do NOT use the program too often or send too many queries, since that may cause Google to ban you!

It is still worth taking a look at, especially for administrators who want to check whether their websites give away too much information. I’ve used Google Hacking myself several times and found some really, really sensitive information, so Google Hacking is not something you should underestimate.


Blogger.com 6th largest source of malware

I found an interesting article about the sources of malware. According to a research group, more than half of the malicious sites available on the internet are hosted in China. The more interesting thing is that Google and Blogger.com together are the 4th biggest source of malware. Ironically enough, Google is the one who reported all the sites examined in the project as malicious.

Here is the whole article.

Security flaw in Internet Explorer

A zero-day vulnerability was found in Internet Explorer and reported to Microsoft. Through the flaw a malicious user is able to hijack cookies and steal credentials. Only Internet Explorer 6 on Windows XP SP2 and SP3 is affected by this security flaw. Secunia rates this a moderately critical issue. Since there is no patch available, IE users are advised to use another browser or upgrade to IE 7.

Here is the full article if you want to read more.

Hacking Web Applications

The internet is growing faster than ever and it probably will not stop growing in the near future. The same applies to web applications. Each day there are thousands of new web applications and they are becoming more and more important. More companies rely heavily on them, so it is extremely important to secure them properly. By understanding how to hack them you will understand how to secure them.

As with everything, hacking web applications is about experience and knowledge. That is the reason why I want to show you how and where you can learn about it.

Legal Web Hacking sites
There are several good web sites where you can learn about hacking web sites. I do not want to go into detail since I already listed most of them in my first and second part of the learning how to hack article.

Learning Web Hacking Through Programs
If you want to learn to hack web applications I recommend you download Webgoat. Webgoat was created by OWASP. You can download it for free on OWASP’s web site. After downloading it you need to extract the zip file. Then double click on the webgoat.bat file. Running Webgoat makes your computer more vulnerable, so I recommend that you unplug your network cable so you do not have access to the internet. Afterwards open up a browser, browse to http://localhost/WebGoat/attack and enter “guest” as username and password. You should now see something similar to the picture below. On the left side of the page you can select the different things you want to learn. Clicking “Hints”, at the top of the page, will help you with the challenge when you are stuck.

[Image: OWASP's Webgoat]
Have fun 😉 If you have any questions or you are stuck in a challenge, feel free to contact us.

3 Simple Ways To Prevent Spam

[Image: @ email sign]
Spam is a huge problem nowadays. Thousands of programs crawl the internet each day looking for email addresses. The problem is that people post their email addresses without thinking about the risk of spam, or they do not know how to protect themselves from spam.

How Do Crawlers Find My Email Address
Finding your email address on your web site is not really complicated. The email crawlers look at your page and every link on it. If they find a link containing an @ sign, they will extract the email address, copy it and go on with their search. This is how these programs work.
Now that we know how they find our addresses we can go on to fixing the problem.

Preventing Spam
The first way to prevent spam is pretty simple. When you post your email address on a page, replace the @ sign with [at] or (at), however you like. This measure will keep dumb crawlers from extracting your email address. However, there are still smart programs which recognize this, replace the [at] with @ and copy the address anyway.

The second way is to use an image of an @ sign, like the one above, instead of the @ itself. This is a very effective way to prevent crawlers from copying your email address, but it is tedious. It also increases the size of your homepage and therefore the time visitors need to download your web site.

The third way is to encode your email address. There are web sites that offer this service for free. The one I found is a German web site, antispam. I marked the lines you have to fill in on the picture with a short explanation. After filling in the boxes you can go ahead and click “Verschlüsseln” (“Encrypt”).
[Image: explanation]
This should take you to another page. There the code which you have to copy is presented. It also gives you a preview of how the link will look on your page. Just copy the code and paste it into your web site.
The downside of this method is that it will not work if someone visits your web site with JavaScript disabled.

I hope this helps
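An added example, not part of the original post: a small Python audit you can run over your own page's HTML to see which published addresses the crawlers described above would recover. The sample page, the addresses and the function names are constructed for illustration, and the check for HTML character references goes beyond the three methods in the post.

```python
import html
import re

# Simplified address pattern; good enough for an exposure audit.
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# "[at]" or "(at)" written in place of the @ sign, with optional spaces.
AT_WORD = re.compile(r"\s*[\[(]\s*at\s*[\])]\s*", re.IGNORECASE)

# Constructed sample page: one address per protection method.
SAMPLE_PAGE = """
<a href="mailto:alice@example.org">Mail Alice</a>
<p>Bob: bob [at] example.org</p>
<p>Carol: carol&#64;example&#46;org</p>
<p>Dave: dave<img src="at.png" alt="">example.org</p>
<script>document.write(String.fromCharCode(101,114,105,110,64,101,120,97,109,112,108,101,46,111,114,103))</script>
"""


def exposed_addresses(page):
    """Return {address: weakest technique that recovers it from the page}."""
    found = {}
    stages = [
        ("plain", page),                                  # dumb crawler: raw text and links
        ("at-replaced", AT_WORD.sub("@", page)),          # smart crawler: undo [at]/(at)
        ("entity-decoded", AT_WORD.sub("@", html.unescape(page))),  # decode &#64; etc.
    ]
    for technique, text in stages:
        for address in EMAIL.findall(text):
            found.setdefault(address.lower(), technique)
    return found


def audit(page, published):
    """For each address you published, report how a static crawler gets it."""
    found = exposed_addresses(page)
    return {addr: found.get(addr.lower(), "not recovered") for addr in published}


if __name__ == "__main__":
    mine = ["alice@example.org", "bob@example.org", "carol@example.org",
            "dave@example.org", "erin@example.org"]
    for addr, how in audit(SAMPLE_PAGE, mine).items():
        print(f"{addr:20} {how}")
```

The image-based and JavaScript-assembled addresses come back as "not recovered" by this static scan; a crawler that executes JavaScript could still obtain the latter.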

Metasploit site hijacked

Supposedly the Metasploit web site was hijacked by hackers. The hackers used ARP poisoning to pull off the attack. The homepage was defaced and redirected to a page announcing that it was “hacked by sunwear ! for fun.”
For more details take a look at the news site The Register.

Bypassing BIOS password protection

Securing your own computer is very important, and most people rely on BIOS passwords to protect their computer. But this is a huge mistake, since anyone with a little bit of knowledge is able to bypass it easily.

Bypassing BIOS password protected computers

Most BIOS chips have built-in master passwords or hidden routes which enable you to bypass the password protection in case you lost or forgot your password.

Master passwords
There are several web sites that list all the BIOS master passwords, here is one of them. You can also just google “BIOS master password list” and you will find tons of lists.

It is not guaranteed that these master passwords work because of the different BIOS chips but there is a pretty good chance that they will.

Bypassing it the other way
You can also bypass it if you are already running Windows (I actually don’t recommend doing this since it can be harmful to your BIOS; only use it if you know what you are doing). Open the command prompt, cmd.exe, and enter:
Debug [Enter]
o 70 17 [Enter]
o 71 17 [Enter]
q [Enter]

This will restart the computer.